lib: Add restrict_access_flags enum to use with restrict_access[_by_env]()
authorMartti Rannanjärvi <martti.rannanjarvi@dovecot.fi>
Fri, 29 Sep 2017 10:40:12 +0000 (13:40 +0300)
committerTimo Sirainen <timo.sirainen@dovecot.fi>
Mon, 12 Feb 2018 15:00:14 +0000 (17:00 +0200)
Swap parameter locations in the functions to make sure plugins are
updated to use the new api.

28 files changed:
src/anvil/main.c
src/auth/main.c
src/config/main.c
src/dict/main.c
src/director/main.c
src/dns/dns-client.c
src/doveadm/main.c
src/imap-hibernate/main.c
src/indexer/indexer-worker.c
src/indexer/indexer.c
src/ipc/main.c
src/lib-program-client/program-client-local.c
src/lib-storage/mail-storage-service.c
src/lib/restrict-access.c
src/lib/restrict-access.h
src/lmtp/main.c
src/log/main.c
src/login-common/main.c
src/master/service-process.c
src/old-stats/main.c
src/plugins/quota/quota-status.c
src/replication/aggregator/aggregator.c
src/replication/replicator/replicator.c
src/stats/main.c
src/util/rawlog.c
src/util/script-login.c
src/util/script.c
src/util/tcpwrap.c

index e1a4062f8026bb28b7b2e062d3d4cfa05fd33367..becfbd4accfe515354ae8eb642e4fce75b0bf1a4 100644 (file)
@@ -65,7 +65,7 @@ int main(int argc, char *argv[])
                i_fatal("Error reading configuration: %s", error);
        master_service_init_log(master_service, "anvil: ");
 
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
        anvil_restarted = getenv("ANVIL_RESTARTED") != NULL;
 
index e6dd2e835005fa3851295ae89afe23fc62c07400..7221e5e1e4db2cc365d42d817e5f2b745542ebaa 100644 (file)
@@ -209,7 +209,7 @@ static void main_preinit(void)
                auth_token_init();
 
        /* Password lookups etc. may require roots, allow it. */
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
 }
 
index 6eba1b7dccd58367a06c8a2dc92d9b30562af326..14caa51c9b747e366ade02e7277535b45b695b37 100644 (file)
@@ -23,7 +23,7 @@ int main(int argc, char *argv[])
                return FATAL_DEFAULT;
        master_service_init_log(master_service, "config: ");
 
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
 
        config_parse_load_modules();
index 2491824fcf23024b0d50467965e2951773c75fbd..f298235e6bb2d678899557376c914f7df1f906dd 100644 (file)
@@ -82,7 +82,7 @@ static void main_preinit(void)
        dict_driver_register(&dict_driver_cdb);
 #endif
 
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
 }
 
index 46ba6e8c756369b26f042ec0e6e4044b89b46b30..96cea27864a635894a4c2754aba8915ee6f1ac4f 100644 (file)
@@ -291,7 +291,7 @@ static void main_preinit(void)
                i_fatal("Invalid value for director_mail_servers setting");
        director->orig_config_hosts = mail_hosts_dup(director->mail_hosts);
 
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
 }
 
index 48b9154aa46e7e08c3eb009e4471c3162b3f9caf..6d685676db3d4b4d759fbd95955cf69326568cd6 100644 (file)
@@ -135,7 +135,7 @@ int main(int argc, char *argv[])
                return FATAL_DEFAULT;
 
        master_service_init_log(master_service, "dns-client: ");
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
 
        master_service_init_finish(master_service);
index bdb9333212d89ffddf4d187822bbd5ccb8f9e974..e73e51b27bc491cbac213e389e682f1c42f420d2 100644 (file)
@@ -64,7 +64,7 @@ void help_ver2(const struct doveadm_cmd_ver2 *cmd)
 
 static void main_preinit(void)
 {
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
 }
 
index c7d15a1744418f1558c358b648751525dcbfec1e..0c24a116e6461a4420e486e81296b32c434dac62 100644 (file)
@@ -39,7 +39,7 @@ int main(int argc, char *argv[])
                i_fatal("Error reading configuration: %s", error);
 
        master_service_init_log(master_service, "imap-hibernate: ");
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
 
        imap_clients_init();
index fed101e07efe49ef01bf88a1d86a7858012c9b82..32ee9d8cdce354aa17ce2567d47d819d49d77750 100644 (file)
@@ -40,7 +40,7 @@ static void drop_privileges(void)
                (void)master_service_settings_read(master_service,
                                                   &input, &output, &error);
        }
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
 }
 
 int main(int argc, char *argv[])
index 059feebe88af8043dd8a19bee631dd7700edeb65..9b02d22d10b9697cd5f4dde1f9a6a55598e918d1 100644 (file)
@@ -122,7 +122,7 @@ int main(int argc, char *argv[])
        set = master_service_settings_get(master_service);
 
        master_service_init_log(master_service, "indexer: ");
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
        master_service_set_idle_die_callback(master_service, idle_die);
 
index 1d7b599a5a8d7b02fcbcb15dae818d64aeebae51..b0a9cd84b21817cc03c1a724e2c01c7a53252100 100644 (file)
@@ -46,7 +46,7 @@ int main(int argc, char *argv[])
                i_fatal("Error reading configuration: %s", error);
        master_service_init_log(master_service, "ipc: ");
 
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
        ipc_groups_init();
        master_service_init_finish(master_service);
index c20686af4d9738f919b9c5a180251b1b20708b50..b8eee657b0f7aa5c677726ab3157deaa9b50dc02 100644 (file)
@@ -235,8 +235,9 @@ int program_client_local_connect(struct program_client *pclient)
 
                /* if we want to allow root, then we will not drop
                   root privileges */
-               restrict_access(&pclient->set.restrict_set, pclient->set.home,
-                               !pclient->set.allow_root);
+               restrict_access(&pclient->set.restrict_set,
+                               pclient->set.allow_root ? RESTRICT_ACCESS_FLAG_ALLOW_ROOT : 0,
+                               pclient->set.home);
 
                exec_child(pclient->path, pclient->args, &pclient->envs,
                           fd_in[0], fd_out[1], child_extra_fds,
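Review bot: The ternary folded into the argument list on the second added line makes the call noticeably wider than the lines around it and buries the privilege decision mid-expression. Computing the flag value first keeps the call readable: `enum restrict_access_flags flags = pclient->set.allow_root ? RESTRICT_ACCESS_FLAG_ALLOW_ROOT : 0;` followed by `restrict_access(&pclient->set.restrict_set, flags, pclient->set.home);`. The existing comment above the call ("if we want to allow root...") then sits naturally next to the flags assignment. program_client_local_connect() starts and ends outside this hunk.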
index 1d0467c98a016c653ef87f64eaae2df72e50cf23..81022295048bc6663b653971f6fd5ee2cbe35da7 100644 (file)
@@ -640,8 +640,8 @@ service_drop_privileges(struct mail_storage_service_user *user,
                disallow_root = FALSE;
        }
        if (!setenv_only) {
-               restrict_access(&rset, *priv->home == '\0' ? NULL : priv->home,
-                               disallow_root);
+               restrict_access(&rset, disallow_root ? 0 : RESTRICT_ACCESS_FLAG_ALLOW_ROOT,
+                               *priv->home == '\0' ? NULL : priv->home);
        } else {
                restrict_access_set_env(&rset);
        }
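Review bot: The added call turns `disallow_root` back into a flag with `disallow_root ? 0 : RESTRICT_ACCESS_FLAG_ALLOW_ROOT`, a double negative that is easy to misread in privilege-dropping code, and the line is longer than the surrounding code. Since the bool is assigned just above (`disallow_root = FALSE;` is visible at the top of the hunk; its other assignments are outside it), consider carrying an `enum restrict_access_flags flags` local instead, setting it to RESTRICT_ACCESS_FLAG_ALLOW_ROOT where `disallow_root = FALSE` is set today and passing it through unchanged. The same inverted pattern appears in the src/master/service-process.c drop_privileges() hunk. service_drop_privileges() starts and ends outside this hunk.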
index 72768f184fc709ef5374952e2d2abbd455cf3f32..1d5ed5c39c666a69c867f3223d430870968d9bac 100644 (file)
@@ -256,10 +256,11 @@ get_setuid_error_str(const struct restrict_access_settings *set, uid_t target_ui
 }
 
 void restrict_access(const struct restrict_access_settings *set,
-                    const char *home, bool disallow_root)
+                    enum restrict_access_flags flags, const char *home)
 {
        bool is_root, have_root_group, preserve_groups = FALSE;
        bool allow_root_gid;
+       bool allow_root = (flags & RESTRICT_ACCESS_FLAG_ALLOW_ROOT) != 0;
        uid_t target_uid = set->uid;
 
        is_root = geteuid() == 0;
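Review bot: The new `allow_root` local encodes a security decision — further down in restrict_access() it decides whether a successful `setuid(0)` probe is fatal — but the declaration carries no comment, and the only other mention of the flag is in the header. Suggest `/* without ALLOW_ROOT the setuid(0) probe below must fail, otherwise we i_fatal() */` on the declaration line so a reader of this function does not have to consult the header. Only RESTRICT_ACCESS_FLAG_ALLOW_ROOT is examined; any other bit a caller sets is silently ignored, which is worth stating in the same comment if that is intended. restrict_access() continues outside this hunk.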
@@ -345,9 +346,9 @@ void restrict_access(const struct restrict_access_settings *set,
        }
 
        /* verify that we actually dropped the privileges */
-       if ((target_uid != (uid_t)-1 && target_uid != 0) || disallow_root) {
+       if ((target_uid != (uid_t)-1 && target_uid != 0) || !allow_root) {
                if (setuid(0) == 0) {
-                       if (disallow_root &&
+                       if (!allow_root &&
                            (target_uid == 0 || target_uid == (uid_t)-1))
                                i_fatal("This process must not be run as root");
 
@@ -448,12 +449,12 @@ void restrict_access_get_env(struct restrict_access_settings *set_r)
        set_r->chroot_dir = null_if_empty(getenv("RESTRICT_CHROOT"));
 }
 
-void restrict_access_by_env(const char *home, bool disallow_root)
+void restrict_access_by_env(enum restrict_access_flags flags, const char *home)
 {
        struct restrict_access_settings set;
 
        restrict_access_get_env(&set);
-       restrict_access(&set, home, disallow_root);
+       restrict_access(&set, flags, home);
 
        /* clear the environment, so we don't fail if we get back here */
        env_remove("RESTRICT_SETUID");
index de26a48ff48251ba1ff9642dd6f472a09ba63c12..6f7f476f3e899de6220253f0581a01ee63d42cd4 100644 (file)
@@ -1,6 +1,13 @@
 #ifndef RESTRICT_ACCESS_H
 #define RESTRICT_ACCESS_H
 
+enum restrict_access_flags {
+       /* If flags given to restrict_access() include
+        * RESTRICT_ACCESS_FLAG_ALLOW_ROOT, we won't kill
+        * ourself when we have root privileges. */
+       RESTRICT_ACCESS_FLAG_ALLOW_ROOT = 1,
+};
+
 struct restrict_access_settings {
        /* UID to use, or (uid_t)-1 if you don't want to change it */
        uid_t uid;
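Review bot: The enum comment uses leading-star continuation lines (` * RESTRICT_ACCESS_FLAG_ALLOW_ROOT, we won't kill`), while the rest of this header continues multi-line comments with plain indentation (see the restrict_access() and restrict_access_by_env() comments further down); matching the file's style would be consistent. The enum also documents only the set bit, while callers that want the restrictive default pass a bare `0` (login-common, rawlog and script-login in this commit), so the meaning of zero is nowhere stated. Suggest adding above the member: `/* With no flags set (0), restrict_access() kills the process if it still has root privileges afterwards. */`.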
@@ -37,16 +44,18 @@ void restrict_access_init(struct restrict_access_settings *set);
 /* Restrict access as specified by the settings. If home is not NULL,
    it's chdir()ed after chrooting, otherwise it chdirs to / (the chroot). */
 void restrict_access(const struct restrict_access_settings *set,
-                    const char *home, bool disallow_root) ATTR_NULL(2);
+                    enum restrict_access_flags flags, const char *home)
+                    ATTR_NULL(3);
 /* Set environment variables so they can be read with
    restrict_access_by_env(). */
 void restrict_access_set_env(const struct restrict_access_settings *set);
 /* Read restrict_access_set_env() environments back into struct. */
 void restrict_access_get_env(struct restrict_access_settings *set_r);
 /* Read restrictions from environment and call restrict_access().
-   If disallow_roots is TRUE, we'll kill ourself if we didn't have the
-   environment settings. */
-void restrict_access_by_env(const char *home, bool disallow_root) ATTR_NULL(1);
+   If flags do not include RESTRICT_ACCESS_FLAG_ALLOW_ROOT, we'll kill ourself
+   unless the RESTRICT_* environments caused root privileges to be dropped */
+void restrict_access_by_env(enum restrict_access_flags flags,
+                           const char *home) ATTR_NULL(2);
 
 /* Return the chrooted directory if restrict_access*() chrooted,
    otherwise NULL. */
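Review bot: The comment on restrict_access() at the top of this hunk still describes only `home` and says nothing about the new `flags` parameter, although that is where the process's fate is decided; suggest prepending `If flags lacks RESTRICT_ACCESS_FLAG_ALLOW_ROOT, the process is killed if it still has root privileges afterwards.` The restrict_access_by_env() comment added here also lacks a trailing period. Separately, the parameter swap that the commit message relies on to flush out stale plugin callers only breaks their build if implicit pointer/integer conversions are treated as errors; with a plain warning, a stale `restrict_access(set, home, disallow_root)` call would compile with the `home` pointer truncated into `flags` and a TRUE `disallow_root` passed as a non-NULL `home` of value 1, which the ATTR_NULL annotation does not catch. A sentence in the header noting the API change, or building plugins with -Werror=int-conversion, would close that gap.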
index dc6d4678361690634f139830c8b50d35a9e8a81e..b73a5e290abc8540ad1f61a1d643b8a26e6777d7 100644 (file)
@@ -63,7 +63,7 @@ static void drop_privileges(void)
        if (master_service_settings_read(master_service,
                                         &input, &output, &error) < 0)
                i_fatal("Error reading configuration: %s", error);
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
 }
 
 static void main_init(void)
index 6fd2a69ec539ba1790374a7f6f524c779aa7853b..8e6e5b875a33d9c75f6b6679c53c2ab5d9ba3a21 100644 (file)
@@ -79,7 +79,7 @@ int main(int argc, char *argv[])
 
        verbose_proctitle = master_service_settings_get(master_service)->verbose_proctitle;
 
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
 
        /* logging should never die if there are some clients */
index cbdaf65ba3394020f08decf02d7294a6ec964d04..de0b2b099232990b0999faebdd5e9dd13386aa6f 100644 (file)
@@ -428,7 +428,7 @@ static void main_preinit(void)
 
        login_load_modules();
 
-       restrict_access_by_env(NULL, TRUE);
+       restrict_access_by_env(0, NULL);
        if (login_debug)
                restrict_access_allow_coredumps(TRUE);
        initial_service_count = master_service_get_service_count(master_service);
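Review bot: The bare `0` passed as flags makes this one of the few call sites in the commit where the service is required to have dropped root, but nothing at the call site says so; the old `TRUE` at least read as disallow_root. Suggest a comment above the call: `/* no RESTRICT_ACCESS_FLAG_ALLOW_ROOT: login processes must not keep root privileges */`. The same bare `0` appears in src/util/rawlog.c and src/util/script-login.c and would benefit from the same note. main_preinit() starts outside this hunk.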
index cc804350a32948371663a4bac50676977757c1ef..cdcc46520ef4fad2f9a86bd4abe18c938ea5d78c 100644 (file)
@@ -193,7 +193,9 @@ drop_privileges(struct service *service)
        restrict_access_set_env(&rset);
        if (service->set->drop_priv_before_exec) {
                disallow_root = service->type == SERVICE_TYPE_LOGIN;
-               restrict_access(&rset, NULL, disallow_root);
+               restrict_access(&rset,
+                               disallow_root ? 0 : RESTRICT_ACCESS_FLAG_ALLOW_ROOT,
+                               NULL);
        }
 }
 
index 038c4ec75f587ab8e8fa93a3e25986ff0a665341..34bd8efc138940b40a90a983214add18b6f3f423 100644 (file)
@@ -38,7 +38,7 @@ static void main_preinit(void)
        modules = module_dir_load(STATS_MODULE_DIR, NULL, &mod_set);
        module_dir_init(modules);
 
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
 }
 
index 2adfdfb4ad0e22409fb51711121de30bcc5bc4db..431a980e67f6d30e3d38dff309cb046e124cbf95 100644 (file)
@@ -204,7 +204,7 @@ static const struct connection_vfuncs client_vfuncs = {
 
 static void main_preinit(void)
 {
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
 }
 
index 2942fb5ad7761be5c6a669bdab5838990aadcb0c..66f82d6139b05efbfb8d5b4f84b9e9a806aaa254 100644 (file)
@@ -61,7 +61,7 @@ int main(int argc, char *argv[])
 
        main_preinit();
 
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
        master_service_init_finish(master_service);
 
index b5074d348110c2502531a977aba13e258635439e..24bacc2bce7919534a38fae8d55066faa14f058c 100644 (file)
@@ -102,7 +102,7 @@ int main(int argc, char *argv[])
                i_fatal("Error reading configuration: %s", error);
        master_service_init_log(master_service, "replicator: ");
 
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
        /* finish init before we get list of users from auth, because that
           can take long enough for master process to kill us otherwise. */
index 702f6b3ce159683abd043d46d49cc8768c578adf..9264ae09d0897b25d65029dec0bf6b89ae223ba3 100644 (file)
@@ -42,7 +42,7 @@ static void client_connected(struct master_service_connection *conn)
 
 static void main_preinit(void)
 {
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
 }
 
index 7305c122dc828118b4546d2e355b872b27bee699..34ddb47145013235a48cae482d5e31b1ec4ad1a8 100644 (file)
@@ -356,7 +356,7 @@ static void rawlog_open(enum rawlog_flags flags)
        }
        i_close_fd(&sfd[1]);
 
-       restrict_access_by_env(getenv("HOME"), TRUE);
+       restrict_access_by_env(0, getenv("HOME"));
 
        process_title_set(t_strdup_printf("[%s:%s rawlog]", getenv("USER"),
                                          dec2str(getppid())));
index ea7ffd5e4cc361f4bb63c90eceb629876da23f5f..0954b47c50246068ba219d0d17fbece364a87961 100644 (file)
@@ -121,7 +121,7 @@ static void client_connected(struct master_service_connection *conn)
                mail_storage_service_restrict_setenv(service_ctx, user);
                /* we can't exec anything in a chroot */
                env_remove("RESTRICT_CHROOT");
-               restrict_access_by_env(getenv("HOME"), TRUE);
+               restrict_access_by_env(0, getenv("HOME"));
        }
 
        if (dup2(fd, STDIN_FILENO) < 0)
@@ -217,7 +217,7 @@ int main(int argc, char *argv[])
        if (!drop_to_userdb_privileges &&
            (flags & MASTER_SERVICE_FLAG_STANDALONE) == 0) {
                /* drop to privileges defined by service settings */
-               restrict_access_by_env(NULL, FALSE);
+               restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        }
 
        master_service_init_finish(master_service);
index 38cdfeeceb2a3494f6786ef0cd01a3206a7011e9..5f88cc9075cab77a00b921d294264fa073ae5edb 100644 (file)
@@ -269,7 +269,7 @@ int main(int argc, char *argv[])
        master_service_init_log(master_service, "script: ");
        if (argv[0] == NULL)
                i_fatal("Missing script path");
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
 
        master_service_init_finish(master_service);
index d060a8fcb18a7e9d491f0f458c133760dbf5cb75..8d5d20bd9aaa3392be2b91679f3fe899b1c3d815 100644 (file)
@@ -114,7 +114,7 @@ int main(int argc, char *argv[])
                return FATAL_DEFAULT;
 
        master_service_init_log(master_service, "tcpwrap: ");
-       restrict_access_by_env(NULL, FALSE);
+       restrict_access_by_env(RESTRICT_ACCESS_FLAG_ALLOW_ROOT, NULL);
        restrict_access_allow_coredumps(TRUE);
 
        master_service_init_finish(master_service);